UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The organization must have a written policy or training materials stating Bluetooth must be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data in transit.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35937 SRG-MPOL-019 SV-47253r1_rule Low
Description
Policy and training provide assurance that security requirements will be implemented in practice. Failure to use FIPS 140-2 validated cryptography makes data more vulnerable to security breaches as the data is unencrypted and in clear text.
STIG Date
Mobile Policy Security Requirements Guide 2013-01-24

Details

Check Text ( C-44174r1_chk )
This check only applies to sites using Bluetooth or ZigBee radios. Verify a written policy or training materials exists stating that Bluetooth (or ZigBee) will be disabled on all applicable devices unless they employ FIPS 140-2 validated cryptographic modules for data in transit. If a policy does not exist or if it does not adequately cover the requirement, this is a finding.
Fix Text (F-40462r1_fix)
Update the policy or training materials to prohibit use of Bluetooth data transmission without FIPS 140-2 validated cryptographic modules.